@synapsor/runner 0.1.0-alpha.2 → 0.1.0-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -23,20 +23,28 @@ Current local-mode foundation:
23
23
 
24
24
  Still pending:
25
25
 
26
- - Public-release hardening around the experimental `node:sqlite` dependency.
26
+ The alpha package requires Node >= 22.5.0 because the local evidence/replay
27
+ ledger uses Node's `node:sqlite` runtime. The published package declares that
28
+ engine requirement and the CLI exits early with a clear message on older Node
29
+ versions. The Docker-backed demo remains the recommended path when you do not
30
+ want to change your host Node version.
31
+
32
+ Commands in this page that use local ledger search/export or `synapsor store`
33
+ require this checkout or package version `0.1.0-alpha.4` or newer while npm
34
+ `@alpha` still points to an older alpha.
27
35
 
28
36
  ## Initialize a config
29
37
 
30
38
  Create a starter config without putting credentials in the file:
31
39
 
32
40
  ```bash
33
- npx -y -p @synapsor/runner@alpha synapsor-runner init --engine postgres --mode review
41
+ npx -y -p @synapsor/runner@alpha synapsor init --engine postgres --mode review
34
42
  ```
35
43
 
36
44
  For MySQL:
37
45
 
38
46
  ```bash
39
- npx -y -p @synapsor/runner@alpha synapsor-runner init --engine mysql --mode review --output synapsor.mysql.runner.json
47
+ npx -y -p @synapsor/runner@alpha synapsor init --engine mysql --mode review --output synapsor.mysql.runner.json
40
48
  ```
41
49
 
42
50
  The generated config uses environment-variable names for read/write URLs and trusted context. Edit the table, column, and capability names before serving tools.
@@ -49,8 +57,8 @@ persisted into proposals, evidence, query audit, runner state, or replay.
49
57
  For a reviewed own-database setup generated from explicit selections, use:
50
58
 
51
59
  ```bash
52
- npx -y -p @synapsor/runner@alpha synapsor-runner init --spec onboarding-selection.json --non-interactive
53
- npx -y -p @synapsor/runner@alpha synapsor-runner doctor --config synapsor.runner.json
60
+ npx -y -p @synapsor/runner@alpha synapsor init --spec onboarding-selection.json --non-interactive
61
+ npx -y -p @synapsor/runner@alpha synapsor doctor --config synapsor.runner.json
54
62
  ```
55
63
 
56
64
  `doctor --config` checks config validation, required environment variables,
@@ -87,19 +95,19 @@ If neither is set, the CLI uses:
87
95
  List proposals:
88
96
 
89
97
  ```bash
90
- npx -y -p @synapsor/runner@alpha synapsor-runner proposals list --store ./.synapsor/local.db
98
+ npx -y -p @synapsor/runner@alpha synapsor proposals list --store ./.synapsor/local.db
91
99
  ```
92
100
 
93
101
  Show a proposal:
94
102
 
95
103
  ```bash
96
- npx -y -p @synapsor/runner@alpha synapsor-runner proposals show wrp_123 --store ./.synapsor/local.db
104
+ npx -y -p @synapsor/runner@alpha synapsor proposals show wrp_123 --store ./.synapsor/local.db
97
105
  ```
98
106
 
99
107
  Approve:
100
108
 
101
109
  ```bash
102
- npx -y -p @synapsor/runner@alpha synapsor-runner proposals approve wrp_123 \
110
+ npx -y -p @synapsor/runner@alpha synapsor proposals approve wrp_123 \
103
111
  --store ./.synapsor/local.db \
104
112
  --actor local_reviewer \
105
113
  --yes
@@ -110,7 +118,7 @@ Before approval, the CLI prints the reviewer-critical proposal details: trusted
110
118
  Create a guarded writeback job from an approved proposal:
111
119
 
112
120
  ```bash
113
- npx -y -p @synapsor/runner@alpha synapsor-runner proposals writeback-job wrp_123 \
121
+ npx -y -p @synapsor/runner@alpha synapsor proposals writeback-job wrp_123 \
114
122
  --store ./.synapsor/local.db \
115
123
  --project local \
116
124
  --runner local_runner \
@@ -122,7 +130,7 @@ The generated job uses the public `synapsor.writeback-job.v1` protocol and can b
122
130
  ```bash
123
131
  SYNAPSOR_ENGINE=postgres \
124
132
  SYNAPSOR_DATABASE_URL="postgresql://writer:<password>@localhost:5432/app" \
125
- npx -y -p @synapsor/runner@alpha synapsor-runner apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
133
+ npx -y -p @synapsor/runner@alpha synapsor apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
126
134
  ```
127
135
 
128
136
  Passing `--store` records the terminal `synapsor.execution-receipt.v1` locally. Replay then links the proposal, approval, writeback job, applied/conflict/failed receipt, evidence, and query audit.
@@ -130,7 +138,7 @@ Passing `--store` records the terminal `synapsor.execution-receipt.v1` locally.
130
138
  Reject:
131
139
 
132
140
  ```bash
133
- npx -y -p @synapsor/runner@alpha synapsor-runner proposals reject wrp_123 \
141
+ npx -y -p @synapsor/runner@alpha synapsor proposals reject wrp_123 \
134
142
  --store ./.synapsor/local.db \
135
143
  --reason "policy evidence is incomplete" \
136
144
  --yes
@@ -147,7 +155,7 @@ Shadow-mode proposals are inspectable through `proposals show` and `replay show`
147
155
  Start a localhost-only review UI:
148
156
 
149
157
  ```bash
150
- npx -y -p @synapsor/runner@alpha synapsor-runner ui --config synapsor.runner.json --store ./.synapsor/local.db
158
+ npx -y -p @synapsor/runner@alpha synapsor ui --config synapsor.runner.json --store ./.synapsor/local.db
151
159
  ```
152
160
 
153
161
  The UI shows setup summary, semantic tools, proposal states, exact diffs,
@@ -163,19 +171,74 @@ tools, MCP commit tools, or controls that widen configured tables/columns.
163
171
  Show replay:
164
172
 
165
173
  ```bash
166
- npx -y -p @synapsor/runner@alpha synapsor-runner replay show wrp_123 --store ./.synapsor/local.db
174
+ npx -y -p @synapsor/runner@alpha synapsor replay show wrp_123 --store ./.synapsor/local.db
175
+ npx -y -p @synapsor/runner@alpha synapsor replay show --proposal wrp_123 --store ./.synapsor/local.db
176
+ npx -y -p @synapsor/runner@alpha synapsor replay show --replay replay_wrp_123 --store ./.synapsor/local.db
177
+ npx -y -p @synapsor/runner@alpha synapsor replay show --evidence ev_123 --store ./.synapsor/local.db
167
178
  ```
168
179
 
169
180
  Export replay:
170
181
 
171
182
  ```bash
172
- npx -y -p @synapsor/runner@alpha synapsor-runner replay export wrp_123 \
183
+ npx -y -p @synapsor/runner@alpha synapsor replay export wrp_123 \
173
184
  --store ./.synapsor/local.db \
174
185
  --output replay.json
186
+
187
+ npx -y -p @synapsor/runner@alpha synapsor replay export --proposal wrp_123 \
188
+ --format markdown \
189
+ --store ./.synapsor/local.db \
190
+ --output replay.md
175
191
  ```
176
192
 
177
193
  Replay records include proposal metadata, before/after diff, events, writeback receipts, evidence summaries, and query audit rows currently stored for the proposal.
178
194
 
195
+ ## Local evidence, query audit, and receipts
196
+
197
+ The local SQLite store is also searchable without relying on `latest`:
198
+
199
+ ```bash
200
+ synapsor activity search \
201
+ --tenant acme \
202
+ --object invoice:INV-3001 \
203
+ --store ./.synapsor/local.db
204
+
205
+ synapsor evidence list \
206
+ --tenant acme \
207
+ --capability billing.inspect_invoice \
208
+ --source app_postgres \
209
+ --table invoices \
210
+ --store ./.synapsor/local.db
211
+
212
+ synapsor evidence show ev_123 --store ./.synapsor/local.db
213
+ synapsor query-audit list --evidence ev_123 --store ./.synapsor/local.db
214
+ synapsor receipts list --proposal wrp_123 --store ./.synapsor/local.db
215
+ synapsor receipts show <receipt_id> --store ./.synapsor/local.db
216
+ ```
217
+
218
+ Read-only MCP tools record evidence bundles and query-audit rows and return an
219
+ evidence handle. Use `evidence show`, `evidence list`, and `query-audit list`
220
+ to inspect those captured rows and fingerprints later without rerunning the
221
+ external database read.
222
+
223
+ This is local indexed search over the runner's SQLite ledger. It is not
224
+ external Postgres/MySQL time travel, not native branching, and not a hosted
225
+ cross-runner audit ledger.
226
+
227
+ ## Local store maintenance
228
+
229
+ The local ledger is a developer/staging SQLite file. You can inspect, compact,
230
+ or prune it without touching your source Postgres/MySQL database:
231
+
232
+ ```bash
233
+ synapsor store stats --store ./.synapsor/local.db
234
+ synapsor store vacuum --store ./.synapsor/local.db
235
+ synapsor store prune --store ./.synapsor/local.db --older-than 30d --dry-run
236
+ synapsor store prune --store ./.synapsor/local.db --older-than 30d --yes
237
+ ```
238
+
239
+ `store prune` defaults to dry-run. Use `--yes` only after reviewing the row
240
+ counts it will remove.
241
+
179
242
  ## Boundary
180
243
 
181
244
  Local mode does not expose `approve_proposal` or `commit_proposal` as model-callable MCP tools. The intended flow is:
@@ -184,7 +247,7 @@ Local mode does not expose `approve_proposal` or `commit_proposal` as model-call
184
247
  MCP tool call
185
248
  -> reviewed semantic proposal
186
249
  -> local store
187
- -> human/policy approval outside the model
250
+ -> human/operator approval outside the model
188
251
  -> guarded worker writeback
189
252
  -> terminal receipt
190
253
  -> replay
package/docs/local-ui.md CHANGED
@@ -7,7 +7,7 @@ From a source checkout, use `./bin/synapsor ui ...` if the global binary is not
7
7
  linked yet.
8
8
 
9
9
  ```bash
10
- npx -y -p @synapsor/runner@alpha synapsor-runner ui --config ./synapsor.runner.json --store ./.synapsor/local.db
10
+ npx -y -p @synapsor/runner@alpha synapsor ui --config ./synapsor.runner.json --store ./.synapsor/local.db
11
11
  ```
12
12
 
13
13
  By default it binds to localhost only and prints a per-run URL:
@@ -135,7 +135,7 @@ For normal use, do not bind the UI to anything except localhost.
135
135
  For a deliberate trusted local-network demo:
136
136
 
137
137
  ```bash
138
- npx -y -p @synapsor/runner@alpha synapsor-runner ui --host 0.0.0.0 --allow-remote-bind
138
+ npx -y -p @synapsor/runner@alpha synapsor ui --host 0.0.0.0 --allow-remote-bind
139
139
  ```
140
140
 
141
141
  Do this only in an isolated environment. The local UI is not a hosted
@@ -156,8 +156,8 @@ The UI is intentionally small in the current alpha:
156
156
  Use the CLI apply path after approval:
157
157
 
158
158
  ```bash
159
- npx -y -p @synapsor/runner@alpha synapsor-runner proposals writeback-job wrp_123 --store ./.synapsor/local.db --output job.json
159
+ npx -y -p @synapsor/runner@alpha synapsor proposals writeback-job wrp_123 --store ./.synapsor/local.db --output job.json
160
160
  SYNAPSOR_ENGINE=postgres \
161
161
  SYNAPSOR_DATABASE_URL="$SYNAPSOR_DATABASE_WRITE_URL" \
162
- npx -y -p @synapsor/runner@alpha synapsor-runner apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
162
+ npx -y -p @synapsor/runner@alpha synapsor apply --job job.json --config synapsor.runner.json --store ./.synapsor/local.db
163
163
  ```
package/docs/mcp-audit.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # MCP database risk review
2
2
 
3
- `npx -y -p @synapsor/runner@alpha synapsor-runner audit <target>` performs a
3
+ `npx -y -p @synapsor/runner@alpha synapsor audit <target>` performs a
4
4
  static MCP database risk review over an exported tool manifest, a remote MCP
5
5
  `tools/list` endpoint, or a stdio MCP server. The `mcp audit` subcommand is also
6
6
  available for users who look for the command under the MCP namespace.
@@ -20,42 +20,63 @@ MCP annotations are treated as hints, not enforcement.
20
20
 
21
21
  ## Usage
22
22
 
23
+ Built-in database MCP risk example:
24
+
25
+ ```bash
26
+ npx -y -p @synapsor/runner@alpha synapsor audit --example dangerous-db-mcp
27
+ ```
28
+
29
+ Markdown output requires this checkout or package version `0.1.0-alpha.4` or
30
+ newer. Check `npm view @synapsor/runner@alpha version` before promoting npm
31
+ snippets publicly.
32
+
33
+ This bundled example does not require a source checkout or local examples file.
34
+ It audits a deliberately risky database MCP shape with `execute_sql`,
35
+ `run_query`, model-callable approval/update/delete tools, arbitrary
36
+ table/column inputs, and model-controlled tenant/principal fields.
37
+
23
38
  Human-readable output:
24
39
 
25
40
  ```bash
26
- npx -y -p @synapsor/runner@alpha synapsor-runner audit ./tools-list.json
41
+ npx -y -p @synapsor/runner@alpha synapsor audit ./tools-list.json
27
42
  ```
28
43
 
29
44
  Remote `tools/list` endpoint with a bearer token kept in the environment:
30
45
 
31
46
  ```bash
32
47
  SYNAPSOR_MCP_AUDIT_BEARER="..." \
33
- npx -y -p @synapsor/runner@alpha synapsor-runner audit https://mcp.example.com --json
48
+ npx -y -p @synapsor/runner@alpha synapsor audit https://mcp.example.com --format json
34
49
  ```
35
50
 
36
51
  Remote endpoint with a custom bearer-token environment variable:
37
52
 
38
53
  ```bash
39
- npx -y -p @synapsor/runner@alpha synapsor-runner audit https://mcp.example.com --bearer-env MCP_AUDIT_TOKEN --json
54
+ npx -y -p @synapsor/runner@alpha synapsor audit https://mcp.example.com --bearer-env MCP_AUDIT_TOKEN --format json
40
55
  ```
41
56
 
42
57
  Stdio MCP server:
43
58
 
44
59
  ```bash
45
- npx -y -p @synapsor/runner@alpha synapsor-runner audit 'stdio:node ./server.mjs' --timeout-ms 5000
60
+ npx -y -p @synapsor/runner@alpha synapsor audit 'stdio:node ./server.mjs' --timeout-ms 5000
46
61
  ```
47
62
 
48
63
  JSON output:
49
64
 
50
65
  ```bash
51
- npx -y -p @synapsor/runner@alpha synapsor-runner audit ./tools-list.json --json
66
+ npx -y -p @synapsor/runner@alpha synapsor audit ./tools-list.json --format json
67
+ ```
68
+
69
+ Markdown output for issues, PRs, or security review notes:
70
+
71
+ ```bash
72
+ npx -y -p @synapsor/runner@alpha synapsor audit --example dangerous-db-mcp --format markdown
52
73
  ```
53
74
 
54
75
  During local development, the repo-local wrapper can run the same command:
55
76
 
56
77
  ```bash
57
78
  ./bin/synapsor audit ./tools-list.json
58
- ./bin/synapsor audit ./tools-list.json --json
79
+ ./bin/synapsor audit ./tools-list.json --format json
59
80
  ```
60
81
 
61
82
  ## Supported inputs
@@ -29,7 +29,7 @@ corepack pnpm test:mcp-client-configs
29
29
  Print a snippet without modifying any client files:
30
30
 
31
31
  ```bash
32
- npx -y -p @synapsor/runner@alpha synapsor-runner mcp config claude-desktop \
32
+ npx -y -p @synapsor/runner@alpha synapsor mcp config claude-desktop \
33
33
  --config ./synapsor.runner.json \
34
34
  --store ./.synapsor/local.db
35
35
  ```
@@ -47,13 +47,13 @@ vscode
47
47
  The older form is still supported:
48
48
 
49
49
  ```bash
50
- npx -y -p @synapsor/runner@alpha synapsor-runner mcp configure --client claude-desktop --config ./synapsor.runner.json --store ./.synapsor/local.db
50
+ npx -y -p @synapsor/runner@alpha synapsor mcp configure --client claude-desktop --config ./synapsor.runner.json --store ./.synapsor/local.db
51
51
  ```
52
52
 
53
53
  Write is opt-in and requires an explicit destination:
54
54
 
55
55
  ```bash
56
- npx -y -p @synapsor/runner@alpha synapsor-runner mcp configure \
56
+ npx -y -p @synapsor/runner@alpha synapsor mcp configure \
57
57
  --client cursor \
58
58
  --config ./synapsor.runner.json \
59
59
  --store ./.synapsor/local.db \
@@ -72,7 +72,7 @@ database URLs or passwords into the client config.
72
72
  From the runner repository:
73
73
 
74
74
  ```bash
75
- npx -y -p @synapsor/runner@alpha synapsor-runner mcp serve --config ./examples/mcp-postgres-billing/synapsor.runner.json --store ./.synapsor/local.db
75
+ npx -y -p @synapsor/runner@alpha synapsor mcp serve --config ./examples/mcp-postgres-billing/synapsor.runner.json --store ./.synapsor/local.db
76
76
  ```
77
77
 
78
78
  For the alpha package, keep the package tag explicit in client configuration.
@@ -82,13 +82,13 @@ For the alpha package, keep the package tag explicit in client configuration.
82
82
  ```json
83
83
  {
84
84
  "mcpServers": {
85
- "synapsor-runner": {
85
+ "synapsor": {
86
86
  "command": "npx",
87
87
  "args": [
88
88
  "-y",
89
89
  "-p",
90
90
  "@synapsor/runner@alpha",
91
- "synapsor-runner",
91
+ "synapsor",
92
92
  "mcp",
93
93
  "serve",
94
94
  "--config",
@@ -7,13 +7,13 @@ The global `synapsor` command is only needed after installing or linking the
7
7
  CLI.
8
8
 
9
9
  ```bash
10
- npx -y -p @synapsor/runner@alpha synapsor-runner benchmark mcp-efficiency
10
+ npx -y -p @synapsor/runner@alpha synapsor benchmark mcp-efficiency
11
11
  ```
12
12
 
13
13
  For machine-readable output:
14
14
 
15
15
  ```bash
16
- npx -y -p @synapsor/runner@alpha synapsor-runner benchmark mcp-efficiency --json
16
+ npx -y -p @synapsor/runner@alpha synapsor benchmark mcp-efficiency --json
17
17
  ```
18
18
 
19
19
  The benchmark compares an included fixture, not universal model behavior.
@@ -0,0 +1,254 @@
1
+ # Synapsor Runner Open-Source Feature Inventory
2
+
3
+ Date: 2026-06-23
4
+
5
+ Branch inspected: `runner-segment-scale-adoption`
6
+
7
+ This inventory tracks the open-source runner boundary. It is not a list of
8
+ Synapsor Cloud or Synapsor DBMS features.
9
+
10
+ ## Summary
11
+
12
+ Synapsor Runner now has a local evidence/replay ledger for real
13
+ Postgres/MySQL-backed MCP interactions:
14
+
15
+ - config-defined semantic MCP tools instead of raw SQL;
16
+ - trusted tenant/principal context binding;
17
+ - scoped source reads;
18
+ - local evidence bundles and query audit;
19
+ - proposal-first writes with before/proposed diffs;
20
+ - local approval/rejection outside MCP;
21
+ - guarded single-row writeback;
22
+ - writeback receipts;
23
+ - proposal replay;
24
+ - local indexed search over proposals, evidence, query audit, receipts, and
25
+ replay links.
26
+ - npm/package trust checks for the public `synapsor` bin and legacy
27
+ `synapsor-runner` alias;
28
+ - a fixture-only `demo --quick` that seeds an inspectable local ledger without
29
+ Docker;
30
+ - shareable MCP audit JSON/Markdown output;
31
+ - redacted doctor Markdown report output.
32
+
33
+ The local store is SQLite and intended for local/dev/staging usage. It is not a
34
+ hosted central audit ledger, not RBAC/SSO, not cross-runner search, not
35
+ enterprise retention, and not compliance export.
36
+
37
+ ## Implemented Local Concepts
38
+
39
+ | Synapsor concept | Runner implementation | Status |
40
+ | --- | --- | --- |
41
+ | Context bindings | Trusted tenant/principal from env/static dev/HTTP/cloud session config | Implemented |
42
+ | Capabilities | Reviewed semantic MCP tools from `synapsor.runner.json` | Implemented |
43
+ | Evidence bundles | Captured/projected rows and metadata persisted locally | Implemented |
44
+ | Query audit | Source/table/fingerprint/row-count/redacted-parameter records | Implemented |
45
+ | Proposals | Immutable before/proposed change sets | Implemented |
46
+ | Approval | Local CLI/UI approval/rejection outside MCP | Implemented |
47
+ | Guarded writeback | Single-row Postgres/MySQL `UPDATE` with primary-key, tenant, allowed-column, conflict, idempotency, and affected-row checks | Implemented |
48
+ | Receipts | Applied/conflict/failed writeback receipts | Implemented |
49
+ | Replay | Proposal replay from local captured records | Implemented |
50
+ | MCP audit | Static risk review for database MCP tool shapes | Implemented |
51
+ | Local indexed search | CLI filters for activity, proposals, evidence, query audit, and receipts | Implemented |
52
+
53
+ ## New Local Ledger Commands
54
+
55
+ ```bash
56
+ synapsor activity search --tenant acme --object invoice:INV-3001
57
+ synapsor proposals list --tenant acme --capability billing.propose_late_fee_waiver --object invoice:INV-3001 --status approved
58
+ synapsor evidence list --tenant acme --capability billing.inspect_invoice --source app_postgres --table invoices
59
+ synapsor evidence show ev_...
60
+ synapsor evidence export ev_... --format json --output evidence.json
61
+ synapsor evidence export ev_... --format markdown --output evidence.md
62
+ synapsor query-audit list --evidence ev_... --source app_postgres --table invoices
63
+ synapsor query-audit show <audit_id>
64
+ synapsor query-audit export <audit_id> --format json --output audit.json
65
+ synapsor receipts list --proposal wrp_...
66
+ synapsor receipts show <receipt_id>
67
+ synapsor replay show --proposal wrp_...
68
+ synapsor replay show --replay replay_wrp_...
69
+ synapsor replay show --evidence ev_...
70
+ synapsor replay export --proposal wrp_... --format json --output replay.json
71
+ synapsor replay export --proposal wrp_... --format markdown --output replay.md
72
+ synapsor doctor --config synapsor.runner.json --report --redact --output synapsor-doctor.md
73
+ synapsor store stats --store ./.synapsor/local.db
74
+ synapsor store vacuum --store ./.synapsor/local.db
75
+ synapsor store prune --store ./.synapsor/local.db --older-than 30d --dry-run
76
+ ```
77
+
78
+ Unknown top-level commands now return a nonzero error instead of generic help.
79
+ Unsupported flags on the new search/list commands fail clearly rather than
80
+ being silently ignored.
81
+
82
+ ## Local Store Schema And Search
83
+
84
+ The store remains backward-compatible with existing local SQLite files. New
85
+ metadata columns are nullable and are backfilled from existing JSON where safe.
86
+
87
+ New/important searchable metadata:
88
+
89
+ - proposal tenant, principal, capability/action, business object, object id,
90
+ state, source, table, created time;
91
+ - evidence tenant, principal, capability, proposal id, business object, object
92
+ id, source, table, query fingerprint, created time;
93
+ - query audit tenant, proposal id, evidence id, source, table, primary-key
94
+ value, query fingerprint, created time;
95
+ - writeback receipt proposal id, writeback job id, idempotency key, status,
96
+ created time.
97
+
98
+ Indexes are created idempotently on the local store for:
99
+
100
+ - proposals by tenant/time, action/time, capability/time, principal/time,
101
+ object/time, state/time, source/table/time;
102
+ - evidence bundles by tenant/time, proposal id, created time, capability/time,
103
+ principal/time, object/time, source/table/time, query fingerprint/time;
104
+ - evidence items by evidence bundle id;
105
+ - query audit by evidence id, proposal id, source/table/time,
106
+ query fingerprint/time, tenant/time, object/time, primary-key/time;
107
+ - writeback receipts by proposal id, writeback job id, idempotency key,
108
+ status/time;
109
+ - replay records by proposal id and created time;
110
+ - approvals by proposal id and status/time;
111
+ - proposal events by proposal id and kind/time.
112
+
113
+ These are local metadata indexes. Runner does not index customer Postgres/MySQL
114
+ tables.
115
+
116
+ ## Read-Only Evidence
117
+
118
+ Read-only MCP tools can record evidence bundles and query-audit rows. The MCP
119
+ tool response returns an evidence handle. The user can now inspect that handle
120
+ later:
121
+
122
+ ```bash
123
+ synapsor evidence show ev_...
124
+ synapsor evidence list --tenant acme --capability billing.inspect_invoice
125
+ synapsor query-audit list --evidence ev_...
126
+ synapsor activity search --tenant acme --source app_postgres --table invoices
127
+ ```
128
+
129
+ Read-only evidence inspection does not rerun the external database read. It
130
+ shows captured/projected evidence that was already persisted locally.
131
+
132
+ Proposal replay remains proposal-centric. `replay show --evidence ev_...`
133
+ works only when the evidence bundle is linked to a replayable proposal.
134
+
135
+ ## Replay Versus Time Travel
136
+
137
+ Runner replay is local captured interaction replay:
138
+
139
+ ```text
140
+ trusted context
141
+ -> captured source-row excerpt
142
+ -> query audit/fingerprint
143
+ -> proposal before/proposed diff
144
+ -> approval/rejection events
145
+ -> writeback job
146
+ -> terminal receipt
147
+ ```
148
+
149
+ It is not:
150
+
151
+ - external DB time travel;
152
+ - `AS OF` query support over Postgres/MySQL;
153
+ - native branch creation;
154
+ - external DB merge;
155
+ - auto-merge;
156
+ - settlement-policy execution.
157
+
158
+ Synapsor-native branching, time travel, settlement, and workflow DAG execution
159
+ remain proprietary Synapsor Cloud/DBMS features.
160
+
161
+ ## MCP Resource Boundary
162
+
163
+ MCP resources remain read-only:
164
+
165
+ - `synapsor://proposals/{proposal_id}`;
166
+ - `synapsor://evidence/{evidence_bundle_id}`;
167
+ - `synapsor://replay/{replay_id}`.
168
+
169
+ They inspect local store records and do not mutate source databases. They also
170
+ do not list/search all local records through MCP; local search is a CLI/local UI
171
+ concern.
172
+
173
+ ## Not Included In OSS Runner
174
+
175
+ - C++ DBMS internals;
176
+ - native Synapsor branches;
177
+ - external DB time travel;
178
+ - `AS OF` external DB queries;
179
+ - external DB merge;
180
+ - auto-merge;
181
+ - settlement policies;
182
+ - workflow DAG engine;
183
+ - `CREATE AGENT WORKFLOW`;
184
+ - hosted workflow graph builder;
185
+ - governed memory;
186
+ - RBAC/SSO;
187
+ - hosted evidence ledger;
188
+ - central org-wide activity search;
189
+ - managed runner fleet;
190
+ - compliance exports;
191
+ - enterprise retention controls;
192
+ - production CDC machinery.
193
+
194
+ ## Safety Boundary Verification
195
+
196
+ The runner keeps these out of the model-facing MCP tool surface:
197
+
198
+ - `execute_sql`;
199
+ - `raw_sql`;
200
+ - `query_database`;
201
+ - approval tools;
202
+ - reject tools;
203
+ - apply/commit/writeback tools;
204
+ - database URLs;
205
+ - write credentials;
206
+ - model-controlled tenant authority.
207
+
208
+ Approval, rejection, and writeback stay in CLI/UI/app-handler/runner paths
209
+ outside the MCP tool surface.
210
+
211
+ ## Current Rough Edges
212
+
213
+ - The local UI is still proposal-review oriented. The CLI now has first-class
214
+ local evidence/search commands, but UI search/export for evidence/query-audit
215
+ is not yet a full dedicated workflow.
216
+ - Read-only evidence has CLI inspection and activity search, but read-only
217
+ replay is not a standalone replay object unless linked to a proposal.
218
+ - The current direct DB writeback adapter intentionally supports guarded
219
+ single-row `UPDATE` only. App-owned HTTP/command handlers are the path for
220
+ richer business writes.
221
+ - The alpha package requires Node >= 22.5.0 because the local ledger uses
222
+ Node's `node:sqlite` runtime. The package declares this and the bin wrapper
223
+ exits early with a clear message on older Node versions.
224
+
225
+ ## Tests Covering This Inventory
226
+
227
+ Relevant local tests:
228
+
229
+ ```bash
230
+ corepack pnpm exec vitest run packages/proposal-store/src/index.test.ts
231
+ corepack pnpm exec vitest run apps/runner/src/cli.test.ts
232
+ corepack pnpm exec vitest run packages/mcp-server/src/index.test.ts
233
+ corepack pnpm test:first-run
234
+ corepack pnpm test:mcp-client-configs
235
+ ./scripts/verify-public-commands.sh
236
+ ./scripts/verify-packed-runner.sh
237
+ ```
238
+
239
+ The current implementation pass specifically added coverage for:
240
+
241
+ - unknown command nonzero behavior;
242
+ - unsupported search flags failing clearly;
243
+ - proposal filters by tenant/capability/object/status;
244
+ - evidence show/list/export JSON/Markdown;
245
+ - query-audit list/show/export;
246
+ - receipts list/show;
247
+ - replay by proposal id, replay id, and linked evidence id;
248
+ - replay JSON and Markdown export;
249
+ - activity search by tenant/object;
250
+ - local metadata indexes and idempotent migration/reopen.
251
+ - `demo --quick` creating an inspectable local fixture store;
252
+ - built-in audit example JSON/Markdown output;
253
+ - clean packed-tarball command execution.
254
+ - local store stats, vacuum, and dry-run/apply prune.
@@ -12,9 +12,9 @@
12
12
  ## Routine checks
13
13
 
14
14
  ```bash
15
- npx -y -p @synapsor/runner@alpha synapsor-runner doctor
16
- npx -y -p @synapsor/runner@alpha synapsor-runner validate --job examples/postgres-support/job.approved.json
17
- npx -y -p @synapsor/runner@alpha synapsor-runner validate --job examples/mysql-orders/job.approved.json
15
+ npx -y -p @synapsor/runner@alpha synapsor doctor
16
+ npx -y -p @synapsor/runner@alpha synapsor validate --job examples/postgres-support/job.approved.json
17
+ npx -y -p @synapsor/runner@alpha synapsor validate --job examples/mysql-orders/job.approved.json
18
18
  ```
19
19
 
20
20
  `doctor` validates local configuration, calls Synapsor's runner-token doctor endpoint, confirms the token is authenticated for the configured source, checks database reachability and engine version, creates/verifies `synapsor_writeback_receipts`, and performs a rollback-only receipt insert to prove the configured credential can write runner receipts. It does not mutate business tables.